This isn't the first time this has happened. CBoard got hacked by someone else with a green logo; I can't remember where I saved it at the moment. That time was more serious, however: cprogramming.com and all of CBoard were down.

Good to see it was fixed so quickly.

Hmm... I'm sorry I missed that. However, as you say, there is a big difference between getting root access to the server and getting some administrator password via some SQL injection.

Well, I'm still curious about the index.php defacing that seems to have affected the whole htdocs directory... You would get the deface page from cboard, cprogramming and any directory with an index.php page.

This could only be done (mind my still unfamiliarity with apache) through .htaccess. Now, assuming there exists already an .htaccess file in ~/htdocs (which for security reasons alone should exist), they couldn't possibly have altered it unless this file was writable by apache (which shouldn't!).

If, on the other hand, that file didn't exist then there's still the issue how they gained access to htdocs root, assuming cboard sits on its own directory inside /htdocs (I can't get this information from simply looking at the response headers from a 404 or 500 error).

Originally Posted by brewbuck:Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

"Simplicity does not precede complexity, but follows it." -- Alan Perlis
"Testing can only prove the presence of bugs, not their absence." -- Edsger Dijkstra
"The only real mistake is the one from which we learn nothing." -- John Powell

I don't see why any of us should waste a single braincell-second more on these idiots. It's up to the admin to figure out what they exploited and fix it. Other than that, let these guys rot in their little dungeons.

Attention is what they want, and that's what they're getting right now.

I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.

Originally Posted by brewbuck:Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.

I'm not trying to tell anybody to "shut up" or anything like that. I just think posting screenshots of what the site looked like is a bit over the top, and sort of glorifies the morons. Yes, I'm interested to know what the exploit was. Beyond that I won't give these guys any more air time.